What are the security considerations/implications if you have NAM IDP
setup as an SP (ie: You've configured a Trusted IDP in NAM, so
therefore the NAM IDP is a consumer/SP) and you do not:
a) require signed assertions
b) You do not sign auth requests

And you are using HTTP Post/binding methods?

Does that mean that the http stuff could be intercepted and hacked?

kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=47791